strace isn't going to show anything as specific as this. The closest you can get is the brk()
or mmap(MAP_ANONYMOUS)
calls which glibc uses to grab a whole new memory region. The rest doesn't use system calls, just direct memory access.
You might try ltrace
for userspace library calls.
Or just find the password prompt in the source code and look what happens with its results. Add a few printf()
's to display the memory addresses.